// Local copy of the kernel's TASK_COMM_LEN; reference definition:
// https://elixir.bootlin.com/linux/v5.13/source/include/linux/sched.h#L215
// It sizes event_t.comm below, so keep it equal to the value used by the
// kernel this code is built against.
#define TASK_COMM_LEN 16
// Event type definitions.
// NOTE(review): presumably these are the values carried in event_t.type;
// confirm against the code that fills the struct. No event type is assigned
// the value 0, so a zeroed event matches neither tag.

#define EXEC 1
#define OPEN 2

/*
 * One process event record.
 *
 * NOTE(review): the layout depends on the target ABI, because `unsigned long`
 * is 4 or 8 bytes. If a producer and a consumer built separately share this
 * struct, confirm both sides agree on its size and field offsets.
 *
 * NOTE(review): with an 8-byte `unsigned long` the compiler adds tail padding
 * after `comm`. If records are filled field by field and then copied to
 * another component, zero the whole struct first so padding bytes do not carry
 * stale memory. The producer is not visible here; verify.
 */
struct event_t {
    int pid;  // pid in host pid namespace
    int ppid; // ppid in host pid namespace
    // NOTE(review): presumably an identifier of the task's pid namespace;
    // confirm what the producer stores here.
    unsigned long pid_ns;
    // Tag for the event type.
    // NOTE(review): presumably one of EXEC / OPEN; consumers should reject
    // values they do not recognise rather than assume one of the two.
    int type;
    // The name of the executable (excluding the path), at most TASK_COMM_LEN
    // bytes. Nothing in this struct guarantees a terminating NUL, so readers
    // should bound string operations on it by TASK_COMM_LEN.
    char comm[TASK_COMM_LEN];
};
